Adobe made good on their word and released a patch for Adobe Reader and Acrobat, bringing them up to version 9.3, to patch a serious exploit in the JavaScript engine inside Reader and Acrobat. This is the third time the JavaScript engine has been exploited, leading many people to disable it completely. For information on how to disable JavaScript inside Adobe Reader and Acrobat in a standard case and in a scalable manner, you can read this previous 404 Tech Support article. Although Adobe promised to make the patch available on January 12th and delivered with this security bulletin, it was well after 5 PM Central Time when it was released.
Three of the critical bugs were in Reader’s and Acrobat’s parsing and support of U3D (Universal 3D) files, one was in Adobe’s download manager — which is bundled with Reader and Acrobat — while the fifth was a memory corruption problem. The update also patched less serious flaws that could be used to crash Reader or Acrobat, or could be used by a hacker to change the software’s security settings.
Source: InfoWorld and Adobe Reader Blog
You can find the patch and latest full version on Adobe’s Site – Update page:
- Adobe Reader 9.3 Full Version .exe (37.86MB) / Full .msi (40.6 MB)
- Adobe Acrobat 9.3 Update (174 MB)
For a reminder on how to get Adobe Reader without Adobe’s GetPlus+ garbage, refer to this previous 404TS article: Get Adobe Flash and Reader without GetPlus in Firefox
Although you can extract the .msi file from the setup executable, you can also find Adobe Reader 9.3 in .msi and .exe form without the Adobe Air and Acrobat.com junk from Adobe’s FTP location. From another directory on that FTP server, you can easily download the Acrobat 9.1, 9.2, and 9.3 .msp files to patch your original Acrobat files to bring them up to speed and deploy the latest version over Group Policy by following this article: How to Apply Patches (.msp) to Group Policy Deployed Software (.msi)
Once you have your files updated, you can use the Adobe Customization Wizard 9 to deploy your files with a transform to specify settings for the Acrobat installation. Follow this article for more information on using Adobe’s Customization Wizard for Creating Transforms.
Now to get to work and deploy these updates to my users.
Update:
View these articles for an updated walkthrough of the process: GPO Deploying Adobe Reader 9.3.1 and Using Group Policy to Deploy Adobe Acrobat 9.3.2
You’ll need to use this upgrade path (sticking to the quarterly updates): 9.0 -> 9.1 -> 9.1.2 -> 9.2 -> 9.3
You slipstream the patches into your original installation media on a server somewhere so you can deploy the latest version. To do this, use the command:
- msiexec /a [acrobat .msi file] /p [Acrobat 9.1 .msp file]
Such as:
- msiexec /a AcroPro.msi /p AcroProStdUpd910_T1T2_incr.msp
I was able to successfully patch the Acrobat 9.0 install files to 9.1. I ran into a problem patching from 9.1 to 9.1.2 though. It gave this error message:
Error 1334. The file ‘interop.adobepdfmakerx.dll’ cannot be installed because the file cannot be found in cabinet file ‘Data1.cab’.
To correct this error, use the MSI editor InstEd to remove the erroneous file reference.
Close the error message and make sure the installer is closed completely. Then launch InstEd and open the AcroPro.msi Version 9.1.0.
Go to the Edit menu and use Find… to search for the file listed in the error message: interop.adobepdfmakerx.dll
When it finds the row with that file reference, right-click on it and choose Delete. Say ‘Yes’ to delete the row. Go to File, Save and save the .msi. Close out of InstEd and patch your install files from 9.1 to 9.1.2 with this command:
- msiexec /a AcroPro.msi /p AcrobatUpd912_all_incr.msp
It should complete successfully. Unfortunately, there are even more errors when attempting to patch from 9.1.2 to 9.2. I received this error message, repeated for many sequential files.
Error 1334. The file ‘AdobeGridFilePreview.nav’ cannot be installed because the file cannot be found in cabinet file ‘Data1.cab’.
Open InstEd and open the AcroPro.msi Version 9.1.2. Use the Find tool to find the following files and delete the rows. After removing them, save the .msi.
- AdobeGridFilePreview.nav
- AdobeGridSidebar.nav
- AdobeGridSizeOptions.nav
- AdobeListFilePreview.nav
- AdobeOnImage.nav (note the case)
- AdobeRevolve.nav
- AdobeSlidingRow.nav
- AdobeSlidingRowSidebar.nav
- pdfmacadribbon.dll
- acrobatacadicribbon.dll
- acrobatacadic.arx
- acrobatacadic.dbx
- pdfmacad.arx
- Patchw32.dll
- All the files with the Component column labeled “UpdateFiles_910” and “UpdateFiles_912” (lots of files here)
With contributions from the Adobe forum.
You can now update the Acrobat 9.1.2 install file to version 9.2 with this command:
- msiexec /a AcroPro.msi /p AcrobatUpd920_all_incr.msp
Then update the Acrobat 9.2 install file to version 9.3 with this command:
- msiexec /a AcroPro.msi /p AcrobatUpd930_all_incr.msp
Unfortunately, we’re not done there. Upon running the newly patched install file, we have more files that are not found in Data1.cab, so we’ll have to do more cleaning.
Running this command to test out the installer:
- msiexec /i AcroPro.msi /t AcroPro.mst /qn /log install1.txt
We receive this error:
Error 1334.The file ‘H_PDFMWord_dll_920.rtp’ cannot be installed because the file cannot be found in cabinet file ‘Data1.cab’. This could indicate a network error, an error reading from the CD-ROM, or a problem with this package.
We have more cleaning up to do. Open up InstEd again, go into the File table and delete any rows that have UpdateFiles_920 or UpdateFiles_930 in the Component column. You can click the top row and then hold Shift while clicking the bottom row to select multiple rows. Then right-click and choose Delete Rows….
Also find and delete:
- acrobatupdater.exe (in the File table)
- ARM_AcrobatUpdate_exe (in the Component table)
- ReaderUpdater.exe (in the FileUpdates_Ex table)
- ARM_ReaderUpdate_exe (in the Component table)
- adobeextractfiles.dll (in the File table)
- ARM_AdobeExtractFiles_dll (in the Component table)
- adobearm.exe (in the File table)
- ARM_AdobeARM_exe (in the Component table)
After this, Save the .msi file.
After the .msi is fully cleaned up, create your transform with the Adobe Customization Wizard or else you might run into a problem with the Transform and the msi ProductCode not syncing up.
You can now copy the folder you’ve been working in to your deployment server and set up the deployment using the AcroPro.msi now patched to version 9.3 and the .mst you created with the Customization Wizard.
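
The bulk deletion of File table rows by Component (UpdateFiles_920 and UpdateFiles_930 above) can also be scripted through the Windows Installer COM automation interface instead of selecting rows by hand. This is an added example, not part of the original walkthrough or any Adobe tooling; the .msi path and component list are assumptions to adjust, and it covers only the Component-column deletions, not the files looked up by name or the Component table entries.

```powershell
# Added example: delete File-table rows by component from the patched
# admin-image .msi. Assumptions: the .msi path and component list below.
param(
    [string]$MsiPath = '.\AcroPro.msi',
    [string[]]$Components = @('UpdateFiles_920', 'UpdateFiles_930')
)
$ErrorActionPreference = 'Stop'
$MsiPath = (Resolve-Path -LiteralPath $MsiPath).Path
Copy-Item -LiteralPath $MsiPath -Destination "$MsiPath.bak"   # keep the unedited package

# Late-bound COM call; the Installer objects do not bind reliably to
# PowerShell's normal method syntax.
function Invoke-Msi($Object, [string]$Member, [object[]]$Arguments = @(), [string]$Kind = 'InvokeMethod') {
    $Object.GetType().InvokeMember($Member, $Kind, $null, $Object, $Arguments)
}

$installer = New-Object -ComObject WindowsInstaller.Installer
$db = Invoke-Msi $installer 'OpenDatabase' @($MsiPath, 1)   # 1 = msiOpenDatabaseModeTransact
try {
    foreach ($name in $Components) {
        # The name is spliced into SQL text, so accept only identifier characters.
        if ($name -notmatch '^[A-Za-z0-9_.]+$') { throw "Unexpected component name: $name" }

        # List the matching rows first so the change can be reviewed afterwards.
        $view = Invoke-Msi $db 'OpenView' @('SELECT `File`, `FileName` FROM `File` WHERE `Component_` = ''{0}''' -f $name)
        Invoke-Msi $view 'Execute'
        $count = 0
        while ($null -ne ($rec = Invoke-Msi $view 'Fetch')) {
            '{0}: {1} ({2})' -f $name, (Invoke-Msi $rec 'StringData' @(1) 'GetProperty'),
                                       (Invoke-Msi $rec 'StringData' @(2) 'GetProperty')
            $count++
        }
        Invoke-Msi $view 'Close'

        $delete = Invoke-Msi $db 'OpenView' @('DELETE FROM `File` WHERE `Component_` = ''{0}''' -f $name)
        Invoke-Msi $delete 'Execute'
        Invoke-Msi $delete 'Close'
        "Deleted $count File rows for component $name"
    }
    Invoke-Msi $db 'Commit'    # nothing is written to the .msi until this call
}
finally {
    # Release the handles so the .msi is not left locked for msiexec.
    [void][System.Runtime.InteropServices.Marshal]::ReleaseComObject($db)
    [void][System.Runtime.InteropServices.Marshal]::ReleaseComObject($installer)
}
```

Run it against the working copy before copying the folder to the deployment server, then repeat the `msiexec /i ... /log` test install to confirm that no Error 1334 remains.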